loop-AES on a root RAID1 device; it only sort of works
/dev/md1 (RAID1) is composed of /dev/hda2 and /dev/hdd1, and
/dev/md2 (RAID1) is composed of /dev/hda6 and /dev/hdd2. /dev/md1 is an
unencrypted ext2 boot device. /dev/md2 is overlain with loop-AES and
is mounted as root. The initrd ram-disk for encrypting root is created
with the usual ./build-initrd.sh build-initrd.conf.

In build-initrd.conf, BOOTDEV equals /dev/hda2. I don't set it
to /dev/md1 as md1 hasn't been assembled yet. When rootsetup assembles
the RAID devices, /dev/hda2 is already in use and so is not
included in /dev/md1. /dev/hda2 ends up missing from /dev/md1:

# cat /proc/mdstat
Personalities : [raid1]
md2 : active raid1 hda6[0] hdd2[1]
      3076352 blocks [2/2] [UU]
md1 : active raid1 hdd1[1]
      48128 blocks [2/1] [_U]

(I think this is the correct question) How do I create a ram-disk in
which there is an assembled /dev/md1 from which to boot?

Thanks again
Fog_Watch.

# cat /boot/rootsetup
#!/lib/sh
if [ "x$1" != "x-d" ] ; then
    /lib/mkdir -p /proc /dev/mapper
    /lib/mount -n -t proc proc /proc
    /lib/mknod /dev/hdd1 b 22 65
    /lib/mknod /dev/hda6 b 3 6
    /lib/mknod /dev/hdd2 b 22 66
    /lib/mdadm -A -s -c /lib/mdadm.conf
    /lib/umount -n /proc
    /lib/losetup -e AES128 -K /lib/gpg.key -G /lib /dev/loop5 /dev/md2
    x=$?
    exit ${x} # exit with return status of losetup
else
    /lib/losetup -d /dev/loop5
    x=$?
    exit ${x} # exit with return status of losetup
fi

--
Lose wait. Get Gentoo.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
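
An added check, not part of the original post: a shell function that reads /proc/mdstat-style text and reports every array running with a missing member, as md1 does above. The function names degraded_arrays and sample_mdstat are hypothetical, and the sample input is the mdstat output quoted in the post with its indentation assumed.

```shell
#!/bin/sh
# Report md arrays that are running degraded (a "_" in the [UU] status map).
# Reads /proc/mdstat-format text on stdin; prints "name [n/m] [map] members".
# Returns 1 if at least one degraded array was found, 0 otherwise.
# Assumption: only arrays with a "blocks ... [n/m] [map]" line are considered;
# inactive arrays (which have no status map) are not reported.
degraded_arrays() {
    awk '
    /^md[0-9]+ :/ {
        # Array header: "md1 : active raid1 hdd1[1]" -> members start at field 5
        name = $1; members = ""
        for (i = 5; i <= NF; i++)
            members = members (members == "" ? "" : ",") $i
        next
    }
    name != "" && /blocks/ {
        # Status line ends with "[configured/working] [U_ map]"
        counts = $(NF - 1); map = $NF
        if (map ~ /_/) { print name, counts, map, members; found = 1 }
        name = ""
    }
    END { exit found }
    '
}

# Sample input: the /proc/mdstat output from the post (indentation assumed).
sample_mdstat() {
cat <<'EOF'
Personalities : [raid1]
md2 : active raid1 hda6[0] hdd2[1]
      3076352 blocks [2/2] [UU]
md1 : active raid1 hdd1[1]
      48128 blocks [2/1] [_U]
EOF
}

# Stand-alone run: list degraded arrays in the sample and flag the result.
sample_mdstat | degraded_arrays || echo "degraded mirror detected" >&2
```

On a live system the same function can be fed with `degraded_arrays < /proc/mdstat`, for example from a boot-time or cron check.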